Wait, there is a bug in high sierra making it possible to log in as root without a password. What the fuck? How does this shit even happen?

We were pretty shocked to hear about it, but we tried it on an unsuspecting victims machine, worked fucking flawlessly.

The best part is, by default the firewall is off too hahaha

I can finally ssh into my coworkers lappies and mute their sound!

(Well, this makes it easier.)

Because by default root has no password. And that's just stupid. If this has been the case for all macOS releases I'm surprised it wasn't uncovered until now. If they changed it in high sierra I want to know what's the reason behind it. This is system working as intended but default configuration being bad.

@Root Hell Yeah! The opportunities are endless 🤪

@flag0 as far as i know it didnt happen in older versions

Yeah I heard, can't believe it

@Alice There are security flaws, there are horrible security flaws, and then there are FUCKING WOT??? flaws.

What's weird to me is to fix this problem you need to enable root login and then change root password. That would mean before you enable root login, it is actually enabled behind the scene. So they must have done sth like hard code the default login config which gets shown to user, which is seriously stupid.

@Root Actually, you shouldn't be able to. We tried it at my company today, doesn't seem to work through SSH 😊

Apple is known to "borrow" ideas from others, so they copied MS "feature" from, I don't know, 15 years ago? ;)

@aaxa probably because there is no ssh server running by default

Apple released a patch earlier today for this issue.